Classic Malware

This section will analyze how Malware has evolved since the concept first appeared in 1949 to the present day.

In the beginning

In 1949, Von Neumann established the Theory of Self-Reproducing Automata, where he presented for the first time the possibility of developing small replicating programs able to control other programs with a similar structure. Although the concept could have thousands of legitimate applications in computer science, it is easy to imagine negative applications of the theory outlined by Von Neumann: computer viruses, programs that replicate themselves as often as possible, increasing their population exponentially.

In 1959, in Bell Computer’s laboratories, three young programmers: Robert Thomas Morris, Douglas Mcllroy and Victor Vysottsky created a game called CoreWar, based on the theory of Von Neumann and in which programs fought between each other, trying to occupy as much memory as possible and eliminating opposing programs. This game is considered the precursor to computer viruses.

In 1972, Robert Thomas Morris created the first virus as such: Creeper, which could infect IBM 360 on the ARPANET (the predecessor of the Internet) and show an on-screen message saying “I’m the creeper, catch me if you can”. To eliminate it, a virus called Reaper was created to search for it and destroy it. This is the true origin of today’s antivirus programs.

Throughout the 80’s, as PCs became more popular, more people became tech-savvy and began to experiment with their own programs. Here we began to see the first dedicated developers of damaging programs and in 1981, Richard Skrenta wrote the first widely-spreading virus: Elk Cloner, which displayed a poem after the infected computer had restarted 50 times.

In 1984, Frederick B. Cohen first coined the phrase computer virus, in a study defining it as “a program that can `infect' other programs by modifying them to include a possibly evolved copy of itself”.

In 1987, the Jerusalem or Friday 13 virus appeared which was able to infect .EXE and .COM files. It was first reported in the Hebrew University of Jerusalem and became one of the most famous viruses in history.

In 1999 the Happyworm, developed by Spanska, began a new trend in malware which has continued to the present-day: the sending of worms via email.

In 2000 the rapid propagation and massive infection of theLoveLetter (I love you) virus reached the headlines around the world. This worm was also spread via email and used social engineering techniques to trick users. This was the beginning of the era of large-scale epidemics, which reached its climax in 2004.

This was the year that saw the emergence of worms like Mydoom, Netsky, Sasser, or Bagle, designed to cause widespread alarm and largely successful in that purpose. This was the worst year for these kinds of epidemics, but curiously, also the last. Malware creators began to realize that their abilities could be used for more than just making headlines… they could also make money.

The Sea Change

In 2005, cyber-crooks began to realize that malware creation could become a profitable business model

This type of malware is designed to steal confidential details, particularly related to online banking, and is often propagated through exploits, spam or other malware which downloads the banker Trojan onto computers.

Other latent threats related with the malware business model include spyware and adware, where some software firms allow users to use an application in exchange for monitoring their Internet activity.

As mobile phones and other mobile devices have become more popular, they have also become a target for the malware industry.

In 2004 Cabir.A and ComWar.A emerged as the first examples of malicious code designed to target these devices. ComWar.A not only spread through Bluetooth but also through MMS messages, sending itself to its victims’ contacts. Nowadays there is malware designed for all the most widely-used platforms: Symbian, PocketPC, Palm, etc, and propagation channels include SMS, MMS, IrDA, Bluetooth, etc.

The most frequently targeted operating system today is still Windows 32-bit. As we mentioned previously, malware creators have seen the financial potential for their activity and as Windows accounts for 90 percent of the market, it is easy to see why it is the focus of their attention. Perhaps another obstacle for creators of malware for Linux and Macintosh is related to the medium/high level of knowledge of users of these types of platforms, and so social engineering, the main method of propagation, will not be as effective as with other users.

You can get more information about all this malware on the following links: